Safe and Flexible Dynamic Linking of Native Code
We present the design and implementation of the first complete framework for flexible and safe dynamic linking of native code. Our approach extends Typed Assembly Language with a primitive for loading and typechecking code, which is flexible enough to support a variety of linking strategies, but simple enough that it does not significantly expand the trusted computing base. Using this primitive, along with the ability to compute with types, we show that we can program many existing dynamic linking approaches. As a concrete demonstration, we have used our framework to implement dynamic linking for a type-safe dialect of C, closely modeled after the standard linking facility for Unix C programs. Aside from the unavoidable cost of verification, our implementation performs comparably with the standard, untyped approach.